#bsidessf2017: Fighting Email Phishing with a Custom IDS

“Phishing is a universal threat; this is everybody’s problem.”

These were the words of Uber’s Dan Borges, speaking at Security BSides San Francisco 2017 today.

In his session ‘Fighting Email Phishing with a Custom Cloud IDS’ Borges explained how Uber uses custom email IDS with its ‘Phantom’ tool to tackle the problem of email-based phishing, shining a light on how the company has been able to not only hunt and analyze attacks but also use techniques to learn and strike back.

“Phishing is not necessarily a technical exploit, but it’s tricking the human and this is not something that’s going to go away,” he said. “All they [threat actors] have to do is trick one person in the organization, and then they can work towards their goals.”

Borges added that email phishing threats can include many things, so Uber needs a great deal of flexibility to pull this risk domain apart, hence it set about creating its multi-tiered defense system that encompasses not only things like Google Apps but also phishing training and education awareness.

“Everyone at Uber is a human sensor and they are trained to report phishes,” he said.

One of the most impressive features of Uber’s IDS is its ability to quickly add rules based on new threats seen in the wild.

“We see phish that we haven’t planned for, that we don’t have rules for in our IDS immediately. These often get spotted by savvy engineers working in the company. What we do there is we go and review these every few weeks and make sure we can then see these in the IDS going forward.”

To conclude, Borges highlighted some of the other key benefits of using custom IDS as a phishing defense, such as the facility to add all types of integrations and constantly improve detection and notification abilities. 

What’s Hot on Infosecurity Magazine?